IETF Logo Mail Archive

Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-options-21 and -22

"touch@strayalpha.com" <touch@strayalpha.com> Mon, 19 June 2023 20:08 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA92EC15106F for <tsvwg@ietfa.amsl.com>; Mon, 19 Jun 2023 13:08:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.316
X-Spam-Level:
X-Spam-Status: No, score=-6.316 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DynxCqWerozA for <tsvwg@ietfa.amsl.com>; Mon, 19 Jun 2023 13:08:25 -0700 (PDT)
Received: from server217-2.web-hosting.com (server217-2.web-hosting.com [198.54.115.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 274C5C14CE38 for <tsvwg@ietf.org>; Mon, 19 Jun 2023 13:08:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=C0uX2QRkHu0pjmPG6UwESm3ewdH+nBq1hTTK77QsL+w=; b=w0is28BkeDyOeveb6Nn3ppGdU4 5t4oxTZlKk1vAFDBeFrXP+VxkBas0vWXi+MLIHPdj8HRhhsr0LsJFIinZ+dKsGWFGEF/yTpvR3QQk Z3BJS5bROqTkxP7g7akYwAEBmSxoeB+n6sAIpQUI5NM7SmuAGtmrEjzryJIiw+vk2ua5UzhLv7X8x RomWKZEOjN9146DihN0cTUJ6X7biPMpcHJeol7bJdhv5MfR+lUIqtT89kWQ1Yr4V4Gw3cYjnf8bnm p5GB92lkPbPTtBv92uwojxuPY/EjnqfRlzcZxYvQRaG7jBzDgA4alSnkIop5UVYsHD3DE79Xfkjcv JgJgF9yA==;
Received: from [172.58.209.100] (port=18502 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <touch@strayalpha.com>) id 1qBLAg-00H9S6-93; Mon, 19 Jun 2023 16:08:23 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_3E59D8D4-7C03-47CA-A74D-B5B977DA08B7"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <2ADA6DF5-6F14-46C6-8BD9-59ED8D41CC7E@strayalpha.com>
Date: Mon, 19 Jun 2023 13:08:07 -0700
Cc: TSVWG <tsvwg@ietf.org>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Message-Id: <7F1F6BDE-4D4F-4EA7-AF55-34BE8BEE42C3@strayalpha.com>
References: <CACL_3VEQdQa5oRn1bfcy-tA0TGiHxkSC-iquMk3kJrgPpJmRLA@mail.gmail.com> <CACL_3VFdBVW1cTK7L2zyTDyJq0ju6r5wK1NUep2C8XRbFc0+wQ@mail.gmail.com> <2ADA6DF5-6F14-46C6-8BD9-59ED8D41CC7E@strayalpha.com>
To: "C. M. Heard" <heard@pobox.com>
X-Mailer: Apple Mail (2.3731.600.7)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/nbyQ5QCncYEO_37Nko7l0mvEv4M>
Subject: Re: [tsvwg] Comments on draft-ietf-tsvwg-udp-options-21 and -22
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jun 2023 20:08:28 -0000

Make that Mike; I have no idea how autocorrect changed one into the other…


—
Dr. Joe Touch, temporal epistemologist
www.strayalpha.com

> On Jun 19, 2023, at 1:07 PM, touch@strayalpha.com wrote:
> 
> Hi, Tom,
> 
> Thanks for the detailed feedback. 
> 
> UDP was originally designed for 1:1 correspondence to an IP packet, but UDP option frag/reassy is designed to decouple the two, such that a single UDP segment can span multiple IP datagrams.
> 
> This is distinct from existing UDP datagrams that must fit inside a single IP datagram. The IP datagram can be fragmented at the IP layer into IP fragments.
> 
> So “datagram” is no longer accurate. Is there a better term than segment?
> 
> Joe
> 
> —
> Dr. Joe Touch, temporal epistemologist
> www.strayalpha.com
> 
>> On Jun 19, 2023, at 9:48 AM, C. M. Heard <heard@pobox.com> wrote:
>> 
>> I missed this: in draft-ietf-tsvwg-udp-options-22 Section 9.6 we see
>> 
>>    The Maximum Reassembled Segment Size (MRDS, Kind=5) option is a 16-
>>    bit indicator of the largest reassembled UDP segment that can be
>>    received. MRDS is the UDP equivalent of IP's EMTU_R but the two are
>>    not related [RFC1122]. Using the FRAG option (Section 9.4), UDP
>>    packets can be transmitted as transport fragments, each in their own
>>    (presumably not fragmented) IP datagram and be reassembled at the
>>    UDP layer.
>> 
>> Both occurrences of "segment" need to be replaced by "datagram".
>> 
>> My apologies for not commenting on this when it first showed up in -16.
>> 
>> ---------- Original Message ---------
>> From: C. M. Heard <heard@pobox.com <mailto:heard@pobox.com>>
>> Date: Sun, Jun 18, 2023 at 4:13 PM
>> Subject: Comments on draft-ietf-tsvwg-udp-options-21 and -22
>> To: TSVWG <tsvwg@ietf.org <mailto:tsvwg@ietf.org>>, Gorry Fairhurst <gorry@erg.abdn.ac.uk <mailto:gorry@erg.abdn.ac.uk>>, Joe Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>>
>> 
>> On Mon, May 22, 2023 at 6:21 AM Gorry Fairhurst wrote:
>> > I have just read version 20, and I have some questions as a working
>> > group member. I hope this helps.
>> [ ... ]
>> >
>> > 12. "Values should "increase" (allowing for rollover) according to a
>> >        typical 'tick' time"
>> > - explain rollover in terms of the modulo the field size?
>> 
>> and in draft-ietf-tsvwg-udp-options-22 Section 9.8 we now see:
>> 
>>    o  Values should "increase" (allowing for rollover, i.e., modulo the
>>       field size) according to a typical 'tick' time
>> 
>> where "modulo the field size" is new text. But later on (in text that
>> has been around for several versions) we see:
>> 
>>    Rollover can be handled as a special case or more completely using
>>    sequence number extension [RFC9187], however zero values need to be
>>    avoided explicitly.
>> 
>>    >> TIME values MUST NOT use zeros as valid time values, because they
>>    are used as indicators of requests and responses.
>> 
>> Since the value zero is not a value time value, it is incorrect to say
>> that values should increment modulo the field size, i.e., modulo 2^32.
>> At most they can increment modulo 2^32 - 1. In fact, though, if time
>> values are incremented modulo 2^32 - 1, using output values in the range
>> 1 through 2^31-1, what you have is nothing more than conventional ones
>> complement arithmetic, and the difference between an echoed time stamp
>> received in a response and the current time value when it that response
>> is received can be reliably calculated through a rollover event by using
>> ones complement arithmetic. I've commented on this point before, and
>> I've received resistance on the grounds that such an interpretation is
>> unnecessarily constraining. Well, I don't agree. I think being explicit
>> on this point will enhance interoperability and predictability with
>> insignificant constraints. If there is disagreement, I'd like to hear
>> of an alternative scheme that accomplishes the same things within the
>> constraints of a 32-bit field width and avoidance of the value zero. In
>> any case, "modulo the field size" is not correct
>> 
>> =======================================================================
>> In draft-ietf-tsvwg-udp-options-22 Section 9.1 we see
>> 
>>    >> Bytes after EOL in the surplus area MAY be checked as being zero
>>    on receipt, but MUST be treated as zero regardless of their content
>>    and are not passed to the user (e.g., as part of the surplus area).
>> 
>> Do the words "MUST be treated as zero regardless of their content" mean
>> that an implementation that does not verify that bytes after EOL are in
>> fact equal to zero have to exclude them from the OCS validation? Doing
>> so would not play well checksum offload (see
>> https://mailarchive.ietf.org/arch/msg/tsvwg/9_1YWp-TApI9mcCuia8U6jfCwTA/).
>> 
>> I therefore propose this replacement text:
>> 
>>    >> Bytes after EOL in the surplus area MAY be checked as being zero
>>    on receipt but MUST NOT otherwise be processed (except for OCS
>>    calculation) or passed to the user.
>> 
>> This comment was made originally against -19 on 27-Jan-2023 but was not addressed.
>> =======================================================================
>> In draft-ietf-tsvwg-udp-options-22 Section 9.4 we see:
>> 
>>    >> Similar to IPv6 reassembly [RFC8200], if any of the fragments
>>    being reassembled overlap with any other fragments being reassembled
>>    for the same UDP packet, reassembly of that UDP packet MUST be
>>    abandoned and all the fragments that have been received for that UDP
>>    packet must be discarded, and no ICMP error messages should be sent
>>    in this case (to avoid a potential DOS attack turning into an ICMP
>>    storm in the reverse direction).
>> 
>> and
>> 
>>    >> UDP reassembly expiration MAY generate an ICMP error, but this
>>    MUST NOT use the existing IP reassembly timeout error type and code.
>> 
>>    [TBD: ?? Should we define a new code for this purpose?]
>> 
>> In my opinion, any mention of sending ICMP errors for UDP reassembly
>> failures is totally out of place, and all mention of this should be
>> removed from Section 9.4. Sending ICMP messages is a function of the
>> IP layer, not of the UDP layer (or any other transport layer).
>> 
>> My apologies for not commenting on this when it first showed up in -14.
>> =======================================================================
>> In draft-ietf-tsvwg-udp-options-22 Section 12 we see:
>> 
>>            if the UDP checksum passes or is zero then
>>                if ((OCS != 0 and fails or OCS == 0) and UDP CS != 0)
>>                or ((OCS != 0 and passes) and UDP CS == 0) then
>>                    deliver the UDP user data but ignore other options
>>                    (this is required to emulate legacy behavior)
>>                if OCS != 0 and passes or OCS == 0 when UDP CS != 0 then
>>                    deliver the UDP user data after parsing
>>                    and processing the rest of the options,
>>                    regardless of whether each is supported or succeeds
>>                    (again, this is required to emulate legacy behavior)
>> 
>> Corrected:
>> 
>>            if the UDP checksum passes or is zero then
>>                if OCS != 0 and fails or OCS == 0 when UDP CS != 0 then
>>                    deliver the UDP user data but ignore other options
>>                    (this is required to emulate legacy behavior)
>>                if OCS != 0 and passes or OCS == 0 when UDP CS == 0 then
>>                    deliver the UDP user data after parsing
>>                    and processing the rest of the options,
>>                    regardless of whether each is supported or succeeds
>>                    (again, this is required to emulate legacy behavior)
>> 
>> This comment was made originally against -19 on 27-Jan-2023 but was not addressed.
>> =======================================================================
>> In draft-ietf-tsvwg-udp-options-22 Section 22, 2nd paragraph, we see:
>> 
>>    Note that any user application that considers UDP options to affect
>>    security need not enable them. However, their use does not impact
>>    security in a way substantially different than UDP options; both
>>    enable the use of a control channel that has the potential for
>>    abuse. Similar to TCP, there are many options that, if unprotected,
>>    could be used by an attacker to interfere with communication.
>> 
>> The phrase "substantially different than UDP options" should be changed
>> to "substantially different than TCP options."
>> 
>> This comment was made originally against -19 on 27-Jan-2023 but was not addressed.
>> =======================================================================
>> In draft-ietf-tsvwg-udp-options-22 Section 22, 3rd paragraph, we see:
>> 
>>    UDP options create new potential opportunities for DDOS attacks,
>>    notably through the use of fragmentation. Except when enabled, UDP
>>    options cause no additional work at the receiver. At most, the
>>    required options (if enabled) result in a responding option in the
>>    next transmitted packet, but no options (including ECHO) ever
>>    initiate UDP responses in the absence of user transmission.
>> 
>> Corrected:
>> 
>>    UDP options create new potential opportunities for DDOS attacks,
>>    notably through the use of fragmentation. When enabled, UDP options
>>    may cause some additional work at the receiver; however, of the
>>    must-support options, only REQ (when used on a DLPMTUD probe [Fa22])
>>    will initiate a UDP response in the absence of a user transmission.
>> 
>> Note that [Fa22] needs to be updated to [Fa23].
>> 
>> This comment was made originally against -19 on 27-Jan-2023 but was not addressed.
>> =======================================================================
>> 
>> The unaddressed comments mentioned above can be found in
>> https://mailarchive.ietf.org/arch/msg/tsvwg/aGOHvmGfSTRs4ATgEEpqHrWAln4/.
>> 
>> I also commented there on the need to replace turn [To18]
>> (draft-touch-tcp-ao-encrypt) by a stable, normative reference, but I
>> won't belabor that, since it's part of a larger ongoing discussion.
>> 
>> Thanks and regards,
>> 
>> Mike Heard
>

v2.23.0 | Report a Bug | By Email